restricting login

farhan · 02-15-2003, 07:10 AM

hi
1.i want to rectrict all users to login except root
2. and also want to allow all users not the root incase when i am not present there andany other way to login as root

acid_kewpie · 02-15-2003, 11:29 AM

you want to have a look at /etc/security/access.conf and set the access rights there. if you've not got the instructions in your's, the rh72 deafult one says:

Quote:

# Login access control table.
#
# When someone logs in, the table is scanned for the first entry that
# matches the (user, host) combination, or, in case of non-networked
# logins, the first entry that matches the (user, tty) combination. The
# permissions field of that table entry determines whether the login will
# be accepted or refused.
#
# Format of the login access control table is three fields separated by a
# ":" character:
#
# permission : users : origins
#
# The first field should be a "+" (access granted) or "-" (access denied)
# character.
#
# The second field should be a list of one or more login names, group
# names, or ALL (always matches). A pattern of the form user@host is
# matched when the login name matches the "user" part, and when the
# "host" part matches the local machine name.
#
# The third field should be a list of one or more tty names (for
# non-networked logins), host names, domain names (begin with "."), host
# addresses, internet network numbers (end with "."), ALL (always
# matches) or LOCAL (matches any string that does not contain a "."
# character).
#
# If you run NIS you can use @netgroupname in host or user patterns; this
# even works for @usergroup@@hostgroup patterns. Weird.
#
# The EXCEPT operator makes it possible to write very compact rules.
#
# The group file is searched only when a name does not match that of the
# logged-in user. Both the user's primary group is matched, as well as
# groups in which users are explicitly listed.
#
##############################################################################
#
# Disallow console logins to all but a few accounts.
#
#-:ALL EXCEPT wheel shutdown sync:LOCAL
#
# Disallow non-local logins to privileged accounts (group wheel).
#
#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
#
# Some accounts are not allowed to login from anywhere:
#
#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
#
# All other accounts are allowed to login from anywhere.

not suer if that answers the second part, as i don't understand what you're trying to say

geoffm33 · 02-18-2003, 11:09 AM

Make sure you are not letting root login from anywhere but the console. You can login as yourself remotely then su to root.

zahid@allbd.com · 04-22-2004, 04:23 AM

I guess there is relation of /etc/login.access with /etc/hosts.allow

Can one show me, about if I want to
Allow root from console only and
Allow userx from console and host 192.168.1.1 and
Allow usery from host 192.168.1.2 and
an example of group deny and
Deny all to login from anywhere

I was using it for a long time. Recently found little difficulty.

Thanks for listening,

Zahid